@fieldju
Created January 19, 2017 00:08
#!/usr/bin/env python3
import boto3
import base64
import json
import argparse
import requests
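def get_token(url, account_id, name, region):
    """Authenticate to Cerberus as an IAM role and return the client token.

    Posts the account id, role name and region to ``/v1/auth/iam-role``.
    The response carries a base64-encoded ``auth_data`` blob, which is
    decrypted with AWS KMS; the decrypted JSON holds ``client_token``.

    Args:
        url: Base URL of the Cerberus instance. Use an ``https://`` URL:
            the returned token is later sent to this host in a header.
        account_id: Account id of the role, sent as ``account_id``.
        name: Role name, sent as ``role_name``.
        region: Region sent in the auth request and used for the KMS client.

    Returns:
        The client token string.

    Raises:
        requests.HTTPError: If the auth endpoint answers with an error status.
    """
    request_body = {
        'account_id': account_id,
        'role_name': name,
        'region': region
    }
    # requests has no default timeout; without one a stalled endpoint hangs
    # the script indefinitely.
    r = requests.post(
        url + '/v1/auth/iam-role',
        data=json.dumps(request_body),
        timeout=30,
    )
    print(r.status_code, r.reason)
    if not r.ok:
        # The body is only shown on failure, where it explains the error.
        print(r.text)
    # Fail here with the HTTP error instead of a KeyError on 'auth_data' below.
    r.raise_for_status()
    auth_data = r.json()['auth_data']

    # Decrypt in the region named in the auth request rather than whatever
    # the local AWS configuration defaults to; the ciphertext is expected to
    # be bound to a KMS key in that region (confirm against the Cerberus docs).
    client = boto3.client('kms', region_name=region)
    response = client.decrypt(CiphertextBlob=base64.b64decode(auth_data))
    token = json.loads(response['Plaintext'].decode('utf-8'))['client_token']
    # The token is a bearer credential: do not echo it, since stdout commonly
    # ends up in terminal scrollback, CI logs or shell history captures.
    print('Token received (value not printed)')
    return token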
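def get_secret(token, url, path):
    """Read the secret at *path* from Cerberus and print the HTTP response.

    Args:
        token: Client token, sent in the ``X-Vault-token`` request header.
        url: Base URL of the Cerberus instance.
        path: Secret path, appended to ``/v1/secret/``.

    Returns:
        None. The status code, reason and response body are printed, so the
        secret's contents land on stdout; keep that output out of shared logs.
    """
    # requests has no default timeout; without one a stalled endpoint hangs
    # the script indefinitely.
    r = requests.get(
        url + '/v1/secret/' + path,
        headers={'X-Vault-token': token},
        timeout=30,
    )
    print(r.status_code, r.reason, r.text)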
def main():
    """Parse the command line, authenticate, then fetch one secret.

    Options are registered in the order url, account_id, name, region, path;
    all are required except ``--region``, which defaults to ``us-west-2``.
    The token returned by ``get_token`` is passed straight to ``get_secret``.
    """
    cli = argparse.ArgumentParser(description='Cerberus demo in python.')
    # (flags, extra keyword arguments) in the order they appear in --help.
    option_specs = [
        (('--url', '-u'), {'help': 'cerberus_url', 'required': True}),
        (('--account_id', '-a'), {'help': 'account id', 'required': True}),
        (('--name', '-n'), {'help': 'role name', 'required': True}),
        (('--region', '-r'),
         {'help': 'Region, default = us-west-2', 'default': 'us-west-2'}),
        (('--path', '-p'), {'help': 'path to secret', 'required': True}),
    ]
    for flags, extra in option_specs:
        cli.add_argument(*flags, type=str, **extra)
    opts = cli.parse_args()

    get_secret(
        get_token(opts.url, opts.account_id, opts.name, opts.region),
        opts.url,
        opts.path,
    )
# Run the demo only when executed as a script, not when imported.
if __name__ == "__main__":
    main()